GDPR

Notes on GDPR Requests

The following applies to the ONE Mobile RTB exchange.

Oath does not check for 3rd Party consent strings. This means that if a user has explicitly given Oath permission to use his/her data, but not Bidder A, Oath will still pass the bid request to Bidder A with all the PII included.

We will pass invalid consent strings (per the IAB spec) on the bid request. Since ONE Mobile cannot parse the consent string, the platform is unable to determine whether the user intends to grant Oath permission to use his/her data. In this situation, Oath strips the PII from the request prior to sending to bidders.